husycisco Fri, 12/14/2007 - 07:29

Hi Imran

Sure.

group-policy yourexistingvpnpolicynamehere attributes

vpn-filter value restrictions

Now, if you want to allow specific traffic and deny the rest, use the following:

access-list restrictions extended permit ip yourvpnclientpool yourvpnclientpoolmask host insideclientipz

access-list restrictions extended permit tcp yourvpnclientpool yourvpnclientpoolmask host insideclientipy eq 1433

access-list restrictions extended permit ip yourvpnclientpool yourvpnclientpoolmask host insideclientipx

access-list restrictions extended deny ip any any

If you want to deny specific traffic and permit the rest, use the following:

access-list restrictions extended deny ip yourvpnclientpool yourvpnclientpoolmask host insideclientipz

access-list restrictions extended deny tcp yourvpnclientpool yourvpnclientpoolmask host insideclientipy eq 1433

access-list restrictions extended deny ip yourvpnclientpool yourvpnclientpoolmask host insideclientipx

access-list restrictions extended permit ip any any

Regards
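
Added example, not part of the original post: a small Python model of top-down, first-match evaluation for the two "restrictions" ACL variants above, useful for checking which client flows each variant lets through before applying it. The pool 192.168.50.0/24 and the inside hosts 10.0.0.10/.20/.30 are constructed sample values, and the parser only covers the entry forms used in this post; it does not model the ASA itself.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]'."""
    t = line.split()
    if t[0] != "access-list" or t[2] != "extended":
        raise ValueError("unsupported line: " + line)
    def addr(i):
        # 'any', 'host A.B.C.D' or 'NETWORK MASK' -> (network, next token index)
        if t[i] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), i + 1
        if t[i] == "host":
            return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
        return ipaddress.ip_network(t[i] + "/" + t[i + 1]), i + 2
    src, i = addr(5)
    dst, i = addr(i)
    port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return t[3], t[4], src, dst, port

def evaluate(acl_text, proto, src, dst, dport=None):
    """Return the action of the first entry that matches the flow, top down."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_text.strip().splitlines():
        action, p, snet, dnet, port = parse_ace(line)
        if p not in ("ip", proto) or s not in snet or d not in dnet:
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # every ACL ends with an implicit deny

# Constructed sample values standing in for the post's placeholders
POOL = "192.168.50.0 255.255.255.0"
ALLOW_LIST = f"""
access-list restrictions extended permit ip {POOL} host 10.0.0.10
access-list restrictions extended permit tcp {POOL} host 10.0.0.20 eq 1433
access-list restrictions extended permit ip {POOL} host 10.0.0.30
access-list restrictions extended deny ip any any
"""
BLOCK_LIST = f"""
access-list restrictions extended deny ip {POOL} host 10.0.0.10
access-list restrictions extended deny tcp {POOL} host 10.0.0.20 eq 1433
access-list restrictions extended deny ip {POOL} host 10.0.0.30
access-list restrictions extended permit ip any any
"""

if __name__ == "__main__":
    for name, acl in (("allow-list", ALLOW_LIST), ("block-list", BLOCK_LIST)):
        print(name, evaluate(acl, "tcp", "192.168.50.7", "10.0.0.20", 3389))
```

With the allow-list variant, only SQL (tcp/1433) reaches the second host and everything not listed is dropped; with the block-list variant, anything not listed, including other ports on that host, is permitted.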

husycisco Fri, 12/14/2007 - 07:43

Ah, I was typing the above edited post and you sent the link :)
